<?php
	session_start();
	include("load-settings.php");

	if(!isset($_SESSION['user']))
		header("Location: login.php");

	$user = $_SESSION['user'];

	$result = mysql_query("SELECT * FROM user WHERE id = $user");
	$row = mysql_fetch_array($result);
	$access = $row['type'];

	if($access == 0)
		header("Location: home.php");

	if(isset($_GET['order']))
	{
		$order = mysql_real_escape_string($_GET['order']);

		$result = mysql_query("SELECT * FROM booster_order WHERE id = $order") or die(mysql_error());

		if(mysql_num_rows($result) == 0)
		{
			header("Location: booster.php");
		}

		$row = mysql_fetch_array($result);

		if($user != $row['booster'] && $access != 2)
		{
			header("Location: booster.php");
		}

		$wins = $row['wins'];
		$wins++;

		mysql_query("UPDATE booster_order SET wins = $wins WHERE id = $order");

		$order_result = mysql_query("SELECT * FROM order_record WHERE id = ".$row['order_record']);
		$order_row = mysql_fetch_array($order_result);

		if($wins - $row['losses'] == $order_row['number_of_wins'])
		{
			mysql_query("UPDATE order_record SET complete = 1 WHERE id = ".$order_row['id']);
			mysql_query("UPTADE booster_order SET status = 3 WHERE id = $order");
		}

		header("Location: order.php?id=".$row['order_record']);
	}
	else
	{
		header("Location: booster.php");
	}
?>